jonati

hoi, na ik ingelogd heb bij hotmail (ongeveer 2 minuten), begint de cursus te draaien (W7), en kan ik niks doen... (beestjes, spam???). Als ik toch iets probeer wordt mijn scherm flauwer... (op andere websites heb ik dit niet). Heeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeelp:embarassed::embarassed: Malwarebytes Anti-Malware gedraaid; alles in orde Nu: ben eset aan het draaien; breng u nog op de hoogte!!! Alvast een logje, nodig???? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:21:48, on 17/04/2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v9.00 (9.00.8080.16413) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6960 bytes

Is ondertussen opgelost, toch bedankt!

Hoi, iemand ervaring met volgende mediaplayer en leverancier; Iomega ScreenPlay Plus HD Media Player - Digitale AV-speler - HD 1 TB; bij pixmania

Beste, probeer mijn tv te gebruiken als scherm met hdmi kabel! Toch krijg alleen mijn bureaublad te zien, zonder pictogrammen, iemand een idee???:embarassed: Alle uitgangen op hdmi gezet (kan ik ze allebei gebruiken, hoe gaat dit in zijn werk, heb ze proberen te spitsen, maar te vergeefs)??? Pc scherm is aangesloten met vga, pc zelf heeft maar één hdmi uitgang, tv ook! Groetjes, Jonati

Beste, kan ik via mijn pc, met een hdmi-kabel (5m), via mijn tv mijn bestanden bekijken (foto's, films,...)? Ook geluid? Zo ja, waar koop ik een hdmi kabel van 5 m het best (want er is geen kwaliteitsverschil schijnt in duurdere of goodkope)?:hmmmm: Groeten, Jonati

Beste, wat is het verschil tss volgende items eigenlijk; 1)iBOOD.com - Internet's Best Online Offer Daily! en 2)https://dynabyte.nl/artikel/7126031/Sitecom_Wireless_Network_TV_Media_Player_WL-355?utm_campaign=tradetr&utm_source=tradetracker&utm_medium=affiliate Ik bezit een pc Asrock ION 330 HT met wireless mogelijkheden die 4 meter van mijn Tv staat! Welk systeem koop ik het best (bij systeem 1, moet ik nog een harde schijf kopen, mss is systeem 2 interessanter bij aankoop 2de pc of laptop)? Is het zo, dat je met systeem 2 een netwerk kunt bouwen? Andere suggesties??????

Aha, Spybot heeft het eindelijk kunnen oplossen!!! (heeft dat met de herstelpunten te maken, waren er teveel of????) De volhouder wint,...

wordt nog steeds gededecteerd!!!

ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b3c1ae5dd4d4dd45ae562fc1dd054af2 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-12-23 01:35:12 # local_time=2010-12-23 02:35:12 (+0100, Romance (standaardtijd)) # country="Belgium" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 26483575 26483575 0 0 # compatibility_mode=770 16774141 100 100 9087328 229337666 0 0 # compatibility_mode=1024 16777215 100 0 26396172 26396172 0 0 # compatibility_mode=5893 16776573 100 94 23953244 44686362 0 0 # compatibility_mode=8192 67108863 100 0 6943 6943 0 0 # scanned=169209 # found=6 # cleaned=6 # scan_time=11600 C:\System Volume Information\_restore{DF36D362-D70F-4DF1-BA83-8E227890C90F}\RP33\A0026245.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Danny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1c01cd12-4800537a Java/Mugademel.A trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Danny\Downloads\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\KGTr3J_m.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\Qr8oC5EC.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\tkW6o9WR.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b3c1ae5dd4d4dd45ae562fc1dd054af2 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-12-23 10:48:17 # local_time=2010-12-23 11:48:17 (+0100, Romance (standaardtijd)) # country="Belgium" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 26523068 26523068 0 0 # compatibility_mode=770 16774141 100 100 9126821 229377159 0 0 # compatibility_mode=1024 16777215 100 0 26439265 26439265 0 0 # compatibility_mode=5893 16776573 100 94 0 44725855 0 0 # compatibility_mode=8192 67108863 100 0 46436 46436 0 0 # scanned=58399 # found=3 # cleaned=3 # scan_time=5292 C:\System Volume Information\_restore{DF36D362-D70F-4DF1-BA83-8E227890C90F}\RP33\A0026245.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Danny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1c01cd12-4800537a Java/Mugademel.A trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Danny\Downloads\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=b3c1ae5dd4d4dd45ae562fc1dd054af2 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-12-23 01:53:03 # local_time=2010-12-23 02:53:03 (+0100, Romance (standaardtijd)) # country="Belgium" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=512 16777215 100 0 26528486 26528486 0 0 # compatibility_mode=770 16774141 100 100 9132239 229382577 0 0 # compatibility_mode=1024 16777215 100 0 26444683 26444683 0 0 # compatibility_mode=5893 16776573 100 94 0 44731273 0 0 # compatibility_mode=8192 67108863 100 0 51854 51854 0 0 # scanned=169235 # found=3 # cleaned=3 # scan_time=10957 C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\KGTr3J_m.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\Qr8oC5EC.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\Windows.old\Documents and Settings\Danny\Local Settings\Temp\tkW6o9WR.exe.part a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Waar vind ik dit? C:\Program Files\EsetOnlineScanner\log.txt

Nog steeds hetzelfde!!!! --- Search result list --- Zango: [sBI $9DB49993] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} Zango: [sBI $689E03A0] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Zango: [sBI $689E03A0] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Zango: [sBI $411F0828] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Zango: [sBI $411F0828] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Zango: [sBI $9432A0E4] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Zango: [sBI $9432A0E4] Interface (Register sleutel, nothing done) HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} DoubleClick: Tracking cookie (Internet Explorer: Danny) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2010-02-19 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2010-10-05 Includes\Adware.sbi (*) 2010-11-30 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2010-12-14 Includes\Dialer.sbi (*) 2010-12-14 Includes\DialerC.sbi (*) 2010-01-25 Includes\HeavyDuty.sbi (*) 2010-11-30 Includes\Hijackers.sbi (*) 2010-11-30 Includes\HijackersC.sbi (*) 2010-09-15 Includes\iPhone.sbi (*) 2010-12-14 Includes\Keyloggers.sbi (*) 2010-12-14 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2010-12-14 Includes\Malware.sbi (*) 2010-12-14 Includes\MalwareC.sbi (*) 2010-05-18 Includes\PUPS.sbi (*) 2010-12-14 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2010-12-14 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2010-12-14 Includes\Spyware.sbi (*) 2010-12-14 Includes\SpywareC.sbi (*) 2010-03-08 Includes\Tracks.uti 2010-11-02 Includes\Trojans.sbi (*) 2010-11-30 Includes\TrojansC-02.sbi (*) 2010-11-30 Includes\TrojansC-03.sbi (*) 2010-11-30 Includes\TrojansC-04.sbi (*) 2010-12-14 Includes\TrojansC-05.sbi (*) 2010-11-30 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Unknown Windows version 6.1 (Build: 7600) (6.1.7600) --- Startup entries list --- Located: HK_LM:Run, Adobe ARM command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe size: 932288 MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe size: 35760 MD5: 12673BCF7B32087DF63F0CFF550EA40B Located: HK_LM:Run, SetPoint command: C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE file: C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE size: 581632 MD5: 6860718FA794F913F3F1BDF3CE0A9171 Located: HK_LM:Run, V0330Mon.exe command: C:\Windows\V0330Mon.exe file: C:\Windows\V0330Mon.exe size: 32768 MD5: F1473B7FD59FBBBF46E6E010DF869342 Located: HK_LM:Run, YouTubeDownloader_upgrade command: "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade file: C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe size: 394240 MD5: AF35A32CE96454EBDEDE956FF6C71D4E Located: HK_CU:Run, msnmsgr where: S-1-5-21-1434075484-1833317394-3949034151-1001... command: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background file: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe size: 3872080 MD5: 8177C2E8EAC95DB663EB9D204F5E97D7 Located: HK_CU:Run, RESTART_STICKY_NOTES where: S-1-5-21-1434075484-1833317394-3949034151-1001... command: C:\Windows\System32\StikyNot.exe file: C:\Windows\System32\StikyNot.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, Sidebar where: S-1-5-21-1434075484-1833317394-3949034151-1001... command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun file: C:\Program Files\Windows Sidebar\sidebar.exe size: 1475072 MD5: 8FC6C4EE0A2D3EBAA70FA38F99141BCE Located: Startup (algemeen), Microsoft Office.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE file: C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE size: 83360 MD5: 5BC65464354A9FD3BEAA28E18839734A --- Browser helper object list --- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: AcroIEHelperStub CLSID name: Adobe PDF Link Helper Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ Long name: AcroIEHelperShim.dll Short name: ACROIE~2.DLL Date (created): 9/22/2010 5:04:14 PM Date (last access): 10/7/2010 8:02:16 PM Date (last write): 9/22/2010 5:04:14 PM Filesize: 75200 Attributes: archive MD5: 203A74767EB81F96A5166B1933DB46D0 CRC32: B0D671C9 Version: 9.4.0.195 {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Search Helper CLSID name: Search Helper Path: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\ Long name: SEPsearchhelperie.dll Short name: SEPSEA~1.DLL Date (created): 5/19/2009 11:36:18 AM Date (last access): 2/15/2010 11:34:18 AM Date (last write): 5/19/2009 11:36:18 AM Filesize: 137600 Attributes: archive MD5: F655CDD5506FBB4C40C08C9C6A66F7C8 CRC32: 579241EB Version: 1.3.59.0 {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Windows Live Aanmelden - Help Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 1/22/2009 2:41:30 PM Date (last access): 10/20/2010 7:03:40 PM Date (last write): 1/22/2009 2:41:30 PM Filesize: 408448 Attributes: archive MD5: B7899C3E21B299D7A3C0DA96CAE340BD CRC32: 288935F8 Version: 5.0.818.5 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java Plug-In 2 SSV Helper Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 7/17/2010 5:08:56 AM Date (last access): 8/3/2010 8:33:44 AM Date (last write): 7/17/2010 5:08:56 AM Filesize: 41760 Attributes: archive MD5: 6D5ADB1C823BFE21F9431D0995C7B185 CRC32: 71F413A1 Version: 6.0.210.7 {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Windows Live Toolbar Helper Path: C:\Program Files (x86)\Windows Live\Toolbar\ Long name: wltcore.dll Short name: Date (created): 4/16/2010 6:55:34 PM Date (last access): 10/20/2010 7:06:10 PM Date (last write): 4/16/2010 6:55:34 PM Filesize: 1067872 Attributes: archive MD5: 4A3AE89071321B4E4337DF5E63E946A7 CRC32: AC3F4E5F Version: 14.0.8117.416 --- ActiveX list --- {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_21 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 5/24/2010 5:33:26 PM Date (last access): 7/17/2010 4:01:04 AM Date (last write): 7/17/2010 4:00:08 AM Filesize: 108320 Attributes: archive MD5: 25F044BAA126064EB0284FB6C115BAB9 CRC32: 9CD13605 Version: 6.0.210.7 {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_21 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 5/24/2010 5:33:26 PM Date (last access): 7/17/2010 4:01:04 AM Date (last write): 7/17/2010 4:00:08 AM Filesize: 108320 Attributes: archive MD5: 25F044BAA126064EB0284FB6C115BAB9 CRC32: 9CD13605 Version: 6.0.210.7 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_21 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: npjpi160_21.dll Short name: NPJPI1~1.DLL Date (created): 7/17/2010 1:42:32 AM Date (last access): 7/17/2010 4:01:16 AM Date (last write): 7/17/2010 4:00:06 AM Filesize: 141088 Attributes: archive MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF CRC32: 1D07915B Version: 6.0.210.7 {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) DPF name: CLSID name: Creative Software AutoUpdate Support Package Installer: C:\Windows\Downloaded Program Files\CTPID.inf Codebase: http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab description: classification: Legitimate known filename: CTPID.ocx info link: info source: Safer Networking Ltd. Path: C:\PROGRA~2\Creative\SHARED~1\SOFTWA~1\ Long name: CTPID.ocx --- Process list --- PID: 0 ( 0) [system] PID: 1836 (1448) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe size: 3872080 MD5: 8177C2E8EAC95DB663EB9D204F5E97D7 PID: 1196 (1960) C:\Program Files (x86)\Logitech\SetPoint\KEM.exe size: 581632 MD5: 6860718FA794F913F3F1BDF3CE0A9171 PID: 1236 (1960) C:\Windows\V0330Mon.exe size: 32768 MD5: F1473B7FD59FBBBF46E6E010DF869342 PID: 2116 (1196) C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE size: 29696 MD5: 62E28ACE0821C5D1268CF04269769586 PID: 4532 (1448) C:\Program Files (x86)\Mozilla Firefox\firefox.exe size: 910296 MD5: 49958506B773E40D31832E3EEDA522E7 PID: 644 (1448) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe size: 5365592 MD5: 0477C2F9171599CA5BC3307FDFBA8D89 PID: 4540 ( 648) C:\Windows\SysWOW64\DllHost.exe size: 7168 MD5: A63DC5C2EA944E6657203E0C8EDEAF61 PID: 4 ( 0) System PID: 280 ( 4) smss.exe PID: 408 ( 352) csrss.exe PID: 468 ( 352) wininit.exe size: 96256 PID: 488 ( 476) csrss.exe PID: 524 ( 468) services.exe PID: 544 ( 468) lsass.exe PID: 552 ( 468) lsm.exe PID: 648 ( 524) svchost.exe size: 20992 PID: 716 ( 524) nvvsvc.exe PID: 756 ( 524) svchost.exe size: 20992 PID: 820 ( 524) svchost.exe size: 20992 PID: 856 ( 524) svchost.exe size: 20992 PID: 892 ( 524) svchost.exe size: 20992 PID: 1012 ( 476) winlogon.exe PID: 416 ( 524) svchost.exe size: 20992 PID: 1028 ( 524) svchost.exe size: 20992 PID: 1144 ( 524) AvastSvc.exe PID: 1244 ( 716) nvvsvc.exe PID: 1424 ( 856) C:\Windows\System32\dwm.exe PID: 1448 (1416) C:\Windows\explorer.exe size: 2868224 MD5: C235A51CB740E45FFA0EBFB9BAFCDA64 PID: 1560 (1448) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe size: 8158240 MD5: 08E5D3F98F80E5B7A2E965DFD42C4D21 PID: 1876 (1448) C:\Program Files\Windows Sidebar\sidebar.exe size: 1475072 MD5: 8FC6C4EE0A2D3EBAA70FA38F99141BCE PID: 1924 ( 524) spoolsv.exe PID: 1936 (1448) C:\Windows\System32\StikyNot.exe PID: 1992 ( 524) C:\Windows\System32\taskhost.exe PID: 2020 ( 524) svchost.exe size: 20992 PID: 2280 ( 524) svchost.exe size: 20992 PID: 2352 ( 524) SeaPort.exe PID: 2576 ( 524) nvSCPAPISvr.exe size: 239648 PID: 2684 ( 524) svchost.exe size: 20992 PID: 2828 ( 524) SDWinSec.exe PID: 3468 ( 524) SearchIndexer.exe size: 428032 PID: 5000 ( 524) svchost.exe size: 20992 PID: 5088 ( 524) wmpnetwk.exe --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 12/22/2010 12:40:36 PM HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Google Toolbar HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Google Toolbar HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ %s - Google Search HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\SysWOW64\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page Bing HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Bing HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- Namespace Provider 3: Shim-provider van e-mailnamen GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename: Namespace Provider 4: Provider van PNRP-wolknaamruimten GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 5: Provider van PNRP-naamruimten GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename: --- Uninstall list --- --- System Services --- Service (registry key): .NET CLR Data Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): 1394ohci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: 1394 OHCI Compliant Host Controller Image path: \SystemRoot\system32\DRIVERS\1394ohci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ACPI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft ACPI Driver Image path: system32\DRIVERS\ACPI.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): AcpiPmi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ACPI Power Meter Driver Image path: \SystemRoot\system32\DRIVERS\acpipmi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adp94xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adpahci Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adpahci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adpu320 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adpu320.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adsi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AeLookupSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\aelupsvc.dll,-1 Description: @%SystemRoot%\system32\aelupsvc.dll,-2 Object name: localSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): AFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\afd.sys,-1000 Description: @%systemroot%\system32\drivers\afd.sys,-1000 Image path: \SystemRoot\system32\drivers\afd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AGP Bus Filter Image path: \SystemRoot\system32\DRIVERS\agp440.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ALG Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Alg.exe,-112 Description: @%SystemRoot%\system32\Alg.exe,-113 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): aliide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\aliide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): amdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\amdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): AmdK8 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD K8 Processor Driver Image path: \SystemRoot\system32\DRIVERS\amdk8.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AmdPPM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD Processor Driver Image path: \SystemRoot\system32\DRIVERS\amdppm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdsata Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\amdsata.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdsbs Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdxata Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\amdxata.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): AppID Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appidsvc.dll,-102 Description: @%systemroot%\system32\appidsvc.dll,-103 Image path: \SystemRoot\system32\drivers\appid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: FltMgr,DisCache Service (registry key): AppIDSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appidsvc.dll,-100 Description: @%systemroot%\system32\appidsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,AppID,CryptSvc Service (registry key): Appinfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appinfo.dll,-100 Description: @%systemroot%\system32\appinfo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,ProfSvc Service (registry key): AppMgmt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @appmgmts.dll,-3250 Description: @appmgmts.dll,-3251 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): arc Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\arc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): arcsas Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\arcsas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): aswFsBlk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: aswFsBlk Description: avast! mini-filter driver (aswFsBlk) Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): aswMonFlt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: aswMonFlt Description: avast! mini-filter driver (aswMonFlt) Image path: \??\C:\Windows\system32\drivers\aswMonFlt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): aswRdr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: aswRdr Description: avast! TDI Redirect driver Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: tcpip Service (registry key): aswSP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: aswSP Description: avast! Self Protection Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): aswTdi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avast! Network Shield Support Description: avast! Network Shield TDI driver Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: tcpip Service (registry key): AsyncMac Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32000 Description: @%systemroot%\system32\rascfg.dll,-32000 Image path: system32\DRIVERS\asyncmac.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IDE Channel Image path: system32\DRIVERS\atapi.sys Image size: 24128 Image MD5: 02062C0B390B7729EDC9E69C680A6F3C Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): athr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Atheros Extensible Wireless LAN device driver Image path: system32\DRIVERS\athrx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AudioEndpointBuilder Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-204 Description: @%SystemRoot%\System32\audiosrv.dll,-205 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): AudioSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-200 Description: @%SystemRoot%\System32\audiosrv.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS Service (registry key): avast! Antivirus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avast! Antivirus Description: Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. Object name: LocalSystem Image path: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Image size: 40384 Image MD5: ACB544D7254F366DFB48F380BC36CD25 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: aswMonFlt,RpcSS Service (registry key): avast! Mail Scanner Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avast! Mail Scanner Description: Implements mail scanning for avast! antivirus. Object name: LocalSystem Image path: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Image size: 40384 Image MD5: ACB544D7254F366DFB48F380BC36CD25 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: "avast! Antivirus" Service (registry key): avast! Web Scanner Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avast! Web Scanner Description: Implements web (HTTP) scanning for avast! antivirus. Object name: LocalSystem Image path: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Image size: 40384 Image MD5: ACB544D7254F366DFB48F380BC36CD25 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: "avast! Antivirus" Service (registry key): AxInstSV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\AxInstSV.dll,-103 Description: @%SystemRoot%\system32\AxInstSV.dll,-104 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): b06bdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme II VBD Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): b57nd60a Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 Image path: system32\DRIVERS\b57nd60a.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BattC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): BDESVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bdesvc.dll,-100 Description: @%SystemRoot%\system32\bdesvc.dll,-101 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Beep Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Beep Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BFE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bfe.dll,-1001 Description: @%SystemRoot%\system32\bfe.dll,-1002 Object name: NT AUTHORITY\LocalService Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): BITS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qmgr.dll,-1000 Description: @%SystemRoot%\system32\qmgr.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): blbdrive Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\blbdrive.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): bowser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-102 Description: @%systemroot%\system32\browser.dll,-103 Image path: system32\DRIVERS\bowser.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): BrFiltLo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Lower Filter Driver Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrFiltUp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Upper Filter Driver Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Browser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-100 Description: @%systemroot%\system32\browser.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): Brserid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC Serial Port Interface Driver (WDM) Image path: \SystemRoot\System32\Drivers\Brserid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrSerWdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother WDM Serial driver Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrUsbMdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Fax Only Modem Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrUsbSer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Serial WDM Driver Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHMODEM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth Serial Communications Driver Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHPORT Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): bthserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\bthserv.dll,-101 Description: @%SystemRoot%\System32\bthserv.dll,-102 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): catchme Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \??\C:\ComboFix\catchme.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): cdfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD/DVD File System Reader Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces) Image path: system32\DRIVERS\cdfs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): cdrom Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD-ROM Driver Image path: system32\DRIVERS\cdrom.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): CertPropSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-11 Description: @%SystemRoot%\System32\certprop.dll,-12 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): circlass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Consumer IR Devices Image path: system32\DRIVERS\circlass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): CLFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\clfs.sys,-100 Description: @%SystemRoot%\system32\clfs.sys,-101 Image path: System32\CLFS.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): clr_optimization_v2.0.50727_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 66384 Image MD5: D88040F816FDA31C3B466F0FA0918F29 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v2.0.50727_64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X64 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe Image size: 89920 Image MD5: D1CEEA2B47CB998321C579651CE3E4F8 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): CmBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft ACPI Control Method Battery Driver Image path: \SystemRoot\system32\DRIVERS\CmBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): cmdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\cmdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): CNG Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\Drivers\cng.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Compbatt Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\compbatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): CompositeBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Composite Bus Enumerator Driver Image path: system32\DRIVERS\CompositeBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): COMSysApp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-947 Description: @comres.dll,-948 Object name: LocalSystem Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 7168 Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem,SENS Service (registry key): crcdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Crcdisk Filter Driver Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): crypt32 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): CryptSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001 Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): CSC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\cscsvc.dll,-202 Description: @%systemroot%\system32\cscsvc.dll,-203 Image path: system32\drivers\csc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: rdbss Service (registry key): CscService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\cscsvc.dll,-200 Description: @%systemroot%\system32\cscsvc.dll,-201 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): DCLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): DcomLaunch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5012 Description: @oleres.dll,-5013 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): defragsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\defragsvc.dll,-101 Description: @%SystemRoot%\system32\defragsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k defragsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): DfsC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\dfsc.sys,-101 Description: @%systemroot%\system32\drivers\dfsc.sys,-102 Image path: System32\Drivers\dfsc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): Dhcp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dhcpcore.dll,-100 Description: @%SystemRoot%\system32\dhcpcore.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,Tdx,Afd Service (registry key): discache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\discache.sys,-102 Description: @%systemroot%\system32\drivers\discache.sys,-101 Image path: System32\drivers\discache.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): Disk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Disk Driver Image path: system32\DRIVERS\disk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Dnscache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\dnsapi.dll,-101 Description: @%SystemRoot%\System32\dnsapi.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Tdx,nsi Service (registry key): dot3svc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dot3svc.dll,-1102 Description: @%systemroot%\system32\dot3svc.dll,-1103 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio,Eaphost Service (registry key): DPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dps.dll,-500 Description: @%systemroot%\system32\dps.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): drmkaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Trusted Audio Drivers Image path: system32\drivers\drmkaud.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): DXGKrnl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LDDM Graphics Subsystem Description: Controls the underlying video driver stacks to provide fully-featured display capabilities. Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): EapHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\eapsvc.dll,-1 Description: @%systemroot%\system32\eapsvc.dll,-2 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,KeyIso Service (registry key): ebdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme II 10 GigE VBD Image path: \SystemRoot\system32\DRIVERS\evbda.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): EFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\efssvc.dll,-100 Description: @%SystemRoot%\system32\efssvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): ehRecvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101 Description: @%SystemRoot%\ehome\ehrecvr.exe,-102 Object name: NT AUTHORITY\networkService Image path: %systemroot%\ehome\ehRecvr.exe Image size: 696832 Image MD5: B91D81B3B54A54CCAFC03733DBC2E29E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): ehSched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehsched.exe,-101 Description: @%SystemRoot%\ehome\ehsched.exe,-102 Object name: NT AUTHORITY\networkService Image path: %systemroot%\ehome\ehsched.exe Image size: 127488 Image MD5: 4705E8EF9934482C5BB488CE28AFC681 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): elxstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\elxstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ErrDev Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Hardware Error Device Driver Image path: \SystemRoot\system32\DRIVERS\errdev.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ESENT Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): eventlog Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wevtsvc.dll,-200 Description: @%SystemRoot%\system32\wevtsvc.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-2450 Description: @comres.dll,-2451 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): exfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: exFAT File System Driver Description: exFAT File System Driver Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): fastfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: FAT12/16/32 File System Driver Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces) Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): Fax Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fxsresm.dll,-118 Description: @%systemroot%\system32\fxsresm.dll,-122 Object name: NT AUTHORITY\NetworkService Image path: %systemroot%\system32\fxssvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler Service (registry key): fdc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Controller Driver Image path: \SystemRoot\system32\DRIVERS\fdc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): fdPHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdPHost.dll,-100 Description: @%systemroot%\system32\fdPHost.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service (registry key): FDResPub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdrespub.dll,-100 Description: @%systemroot%\system32\fdrespub.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service (registry key): FileInfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100 Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101 Image path: system32\drivers\fileinfo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Depends On services: fltmgr Service (registry key): Filetrace Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001 Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000 Image path: system32\drivers\filetrace.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): flpydisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Driver Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): FltMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 Image path: system32\drivers\fltmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 3 Service (registry key): FontCache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\FntCache.dll,-100 Description: @%systemroot%\system32\FntCache.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): FontCache3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309 Description: @%SystemRoot%\system32\PresentationHost.exe,-3310 Object name: NT Authority\LocalService Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe Image size: 42840 Image MD5: 8D89E3131C27FDD6932189CB785E1B7A Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): FsDepends Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001 Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000 Image path: System32\drivers\FsDepends.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 3 Depends On services: fltmgr Service (registry key): Fs_Rec Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 8 Error Control: 0 Service (registry key): fvevol Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Image path: System32\DRIVERS\fvevol.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): gagp30kx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): gpsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @gpapi.dll,-112 Description: @gpapi.dll,-113 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Mup Service (registry key): gupdate Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Google Updateservice (gupdate) Description: Zorgt ervoor dat u altijd beschikt over de nieuwste Google-software. Als deze service wordt uitgeschakeld of afgebroken, wordt uw Google-software niet bijgewerkt. Hierdoor kunnen beveiligingsrisico's mogelijk niet worden verholpen of kunnen bepaalde functies niet functioneren. Deze taak verwijdert zichzelf wanneer er geen Google-software is die er gebruik van maakt. Object name: LocalSystem Image path: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc Image size: 136176 Image MD5: F02A533F517EB38333CB12A9E8963773 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): gusvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Google Updater Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" Image size: 136120 Image MD5: C1B577B2169900F4CF7190C39F085794 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): hcw85cir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Hauppauge Consumer Infrared Receiver Image path: \SystemRoot\system32\drivers\hcw85cir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HdAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service Image path: system32\drivers\HdAudio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HDAudBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft UAA Bus Driver for High Definition Audio Image path: system32\DRIVERS\HDAudBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: HID UPS Battery Driver Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBth Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Bluetooth HID Miniport Image path: \SystemRoot\system32\DRIVERS\hidbth.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): HidIr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Infrared HID Driver Image path: system32\DRIVERS\hidir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hidserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\hidserv.dll,-101 Description: @%SystemRoot%\System32\hidserv.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): HidUsb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft HID Class Driver Image path: system32\DRIVERS\hidusb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hkmsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\kmsvc.dll,-6 Description: @%SystemRoot%\system32\kmsvc.dll,-7 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): HomeGroupListener Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\ListSvc.dll,-100 Description: @%SystemRoot%\System32\ListSvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanServer Service (registry key): HomeGroupProvider Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\provsvc.dll,-100 Description: @%SystemRoot%\System32\provsvc.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: netprofm,fdrespub,fdphost Service (registry key): HpSAMD Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\HpSAMD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\http.sys,-1 Description: @%SystemRoot%\system32\drivers\http.sys,-2 Image path: system32\drivers\HTTP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): hwpolicy Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101 Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102 Image path: System32\drivers\hwpolicy.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): i8042prt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: i8042 Keyboard and PS/2 Mouse Port Driver Image path: \SystemRoot\system32\DRIVERS\i8042prt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): iaStorV Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\iaStorV.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): idsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192 Object name: LocalSystem Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" Image size: 856384 Image MD5: 2F2BE70D3E02B6FA877921AB9516D43C Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): iirsp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\iirsp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IKEEXT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ikeext.dll,-501 Description: @%SystemRoot%\system32\ikeext.dll,-502 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: BFE Service (registry key): inetaccs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): IntcAzAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Service for Realtek HD Audio (WDM) Image path: system32\drivers\RTKVHD64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): intelide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\intelide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): intelppm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel Processor Driver Image path: system32\DRIVERS\intelppm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IPBusEnum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\IPBusEnum.dll,-102 Description: @%systemroot%\system32\IPBusEnum.dll,-103 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,fdPHost Service (registry key): IpFilterDriver Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32013 Description: @%systemroot%\system32\rascfg.dll,-32013 Image path: system32\DRIVERS\ipfltdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): iphlpsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500 Description: @%SystemRoot%\system32\iphlpsvc.dll,-501 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi Service (registry key): IPMIDRV Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\IPMIDrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IPNAT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IP Network Address Translator Image path: System32\drivers\ipnat.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): IRENUM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100 Description: @%SystemRoot%\system32\drivers\irenum.sys,-101 Image path: system32\drivers\irenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): isapnp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\isapnp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): iScsiPrt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: iScsiPort Driver Image path: \SystemRoot\system32\DRIVERS\msiscsi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): kbdclass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Keyboard Class Driver Image path: system32\DRIVERS\kbdclass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): kbdhid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Keyboard HID Driver Image path: system32\DRIVERS\kbdhid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): KeyIso Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @keyiso.dll,-100 Description: @keyiso.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): KSecDD Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\Drivers\ksecdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): KSecPkg Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\Drivers\ksecpkg.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): ksthunk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Kernel Streaming Thunks Image path: \SystemRoot\system32\drivers\ksthunk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): KtmRm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-2946 Description: @comres.dll,-2947 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): LanmanServer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\srvsvc.dll,-100 Description: @%systemroot%\system32\srvsvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: SamSS,Srv Service (registry key): LanmanWorkstation Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-100 Description: @%systemroot%\system32\wkssvc.dll,-101 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI Service (registry key): ldap Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): LHidFilt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Logitech SetPoint KMDF HID Filter Driver Image path: system32\DRIVERS\LHidFilt.Sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): LHidKe Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): lltdio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Link-Layer Topology Discovery Mapper I/O Driver Image path: system32\DRIVERS\lltdio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): lltdsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\lltdres.dll,-1 Description: @%SystemRoot%\system32\lltdres.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss,lltdio Service (registry key): lmhosts Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\lmhsvc.dll,-101 Description: @%SystemRoot%\system32\lmhsvc.dll,-102 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NetBT,Afd Service (registry key): LMouFilt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Logitech SetPoint KMDF Mouse Filter Driver Image path: system32\DRIVERS\LMouFilt.Sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Lsa Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): LSI_FC Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): LSI_SAS Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): LSI_SAS2 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): LSI_SCSI Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): luafv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\luafv.sys,-100 Description: @%systemroot%\system32\drivers\luafv.sys,-101 Image path: \SystemRoot\system32\drivers\luafv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): LUsbFilt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Logitech SetPoint KMDF USB Filter Image path: System32\Drivers\LUsbFilt.Sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): Mcx2Svc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehres.dll,-15501 Description: @%SystemRoot%\ehome\ehres.dll,-15502 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost Service (registry key): megasas Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\megasas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MegaSR Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MMCSS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\mmcss.dll,-100 Description: @%systemroot%\system32\mmcss.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): Modem Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\drivers\modem.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): monitor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Monitor Class Function Driver Service Image path: system32\DRIVERS\monitor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): mouclass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Mouse Class Driver Image path: system32\DRIVERS\mouclass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): mouhid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Mouse HID Driver Image path: system32\DRIVERS\mouhid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): mountmgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100 Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101 Image path: System32\drivers\mountmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): mpio Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\mpio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): mpsdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092 Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093 Image path: System32\drivers\mpsdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MpsSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090 Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: mpsdrv,bfe Service (registry key): MRxDAV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\webclnt.dll,-104 Description: @%systemroot%\system32\webclnt.dll,-105 Image path: \SystemRoot\system32\drivers\mrxdav.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: rdbss Service (registry key): mrxsmb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1002 Description: @%systemroot%\system32\wkssvc.dll,-1003 Image path: system32\DRIVERS\mrxsmb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: rdbss Service (registry key): mrxsmb10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1004 Description: @%systemroot%\system32\wkssvc.dll,-1005 Image path: system32\DRIVERS\mrxsmb10.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: mrxsmb Service (registry key): mrxsmb20 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1006 Description: @%systemroot%\system32\wkssvc.dll,-1007 Image path: system32\DRIVERS\mrxsmb20.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: mrxsmb Service (registry key): msahci Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\msahci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): msdsm Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\msdsm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSDTC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-2797 Description: @comres.dll,-2798 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\msdtc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS,SamSS Service (registry key): MSDTC Bridge 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Msfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): mshidkmdf Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100 Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101 Image path: \SystemRoot\System32\drivers\mshidkmdf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): msisadrv Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\msisadrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): MSiSCSI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000 Description: @%SystemRoot%\system32\iscsidsc.dll,-5001 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): msiserver Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\msimsg.dll,-27 Description: @%SystemRoot%\system32\msimsg.dll,-32 Object name: LocalSystem Image path: %systemroot%\system32\msiexec.exe /V Image size: 73216 Image MD5: A8492E3929E7B981DA541286709C8479 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: rpcss Service (registry key): MSKSSRV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Service Proxy Image path: system32\drivers\MSKSSRV.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPCLOCK Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Clock Proxy Image path: system32\drivers\MSPCLOCK.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSPQM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Quality Manager Proxy Image path: system32\drivers\MSPQM.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MsRPC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MSSCNTRS Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): mssmbios Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft System Management BIOS Driver Image path: system32\DRIVERS\mssmbios.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): MSTEE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Streaming Tee/Sink-to-Sink Converter Image path: system32\drivers\MSTEE.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): MTConfig Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Input Configuration Driver Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Mup Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\mup.sys,-101 Description: @%systemroot%\system32\drivers\mup.sys,-102 Image path: System32\Drivers\mup.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Service (registry key): napagent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qagentrt.dll,-6 Description: @%SystemRoot%\system32\qagentrt.dll,-7 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): NativeWifiP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NativeWiFi Filter Image path: system32\DRIVERS\nwifi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NDIS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200 Description: @%SystemRoot%\system32\drivers\ndis.sys,-201 Image path: system32\drivers\ndis.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): NdisCap Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NDIS Capture LightWeight Filter Description: NDIS Capture LightWeight Filter Image path: system32\DRIVERS\ndiscap.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisTapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32001 Description: @%systemroot%\system32\rascfg.dll,-32001 Image path: system32\DRIVERS\ndistapi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Ndisuio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NDIS Usermode I/O Protocol Image path: system32\DRIVERS\ndisuio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NdisWan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32002 Description: @%systemroot%\system32\rascfg.dll,-32002 Image path: system32\DRIVERS\ndiswan.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NDProxy Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NetBIOS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NetBIOS Interface Description: NetBIOS Interface Image path: system32\DRIVERS\netbios.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): NetBT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2 Description: @%SystemRoot%\system32\drivers\netbt.sys,-1 Image path: System32\DRIVERS\netbt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: Tdx,tcpip Service (registry key): Netlogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\netlogon.dll,-102 Description: @%SystemRoot%\System32\netlogon.dll,-103 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation Service (registry key): Netman Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\netman.dll,-109 Description: @%SystemRoot%\system32\netman.dll,-110 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,nsi Service (registry key): netprofm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\netprofm.dll,-202 Description: @%SystemRoot%\system32\netprofm.dll,-203 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,nlasvc Service (registry key): NetTcpPortSharing Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201 Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200 Object name: NT AUTHORITY\LocalService Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" Image size: 116560 Image MD5: 3E5A36127E201DDF663176B66828FAFE Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Service (registry key): nfrd960 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NlaSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\nlasvc.dll,-1 Description: @%SystemRoot%\System32\nlasvc.dll,-2 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,RpcSs,TcpIp Service (registry key): Npfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Service (registry key): nsi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\nsisvc.dll,-200 Description: @%SystemRoot%\system32\nsisvc.dll,-201 Object name: NT Authority\LocalService Image path: %systemroot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: nsiproxy Service (registry key): nsiproxy Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2 Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1 Image path: system32\drivers\nsiproxy.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): NTDS Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Ntfs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): Null Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): nuviocir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Nuvoton W836x7HG CIR Device Driver Image path: system32\DRIVERS\nuviocir_win7_x64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NVENETFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA nForce Networking Controller Driver Image path: system32\DRIVERS\nvm62x64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): NVHDA Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Service for NVIDIA High Definition Audio Driver Image path: system32\drivers\nvhda64v.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): nvlddmkm Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\nvlddmkm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): NVNET Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA nForce 10/100/1000 Mbps Ethernet Image path: system32\DRIVERS\nvmf6264.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): nvraid Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\nvraid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): nvsmu Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\nvsmu.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): nvstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\nvstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): nvsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA Display Driver Service Description: Provides system and desktop level support to the NVIDIA display driver Object name: LocalSystem Image path: C:\Windows\system32\nvvsvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Depends On services: nvlddmkm Service (registry key): nv_agp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA nForce AGP Bus Filter Image path: \SystemRoot\system32\DRIVERS\nv_agp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ohci1394 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: 1394 OHCI Compliant Host Controller (Legacy) Image path: \SystemRoot\system32\DRIVERS\ohci1394.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): p2pimsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8004 Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): p2psvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\p2psvc.dll,-8006 Description: @%SystemRoot%\system32\p2psvc.dll,-8007 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: p2pimsvc,PNRPSvc Service (registry key): Parport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Parallel port driver Image path: \SystemRoot\system32\DRIVERS\parport.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): partmgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100 Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101 Image path: System32\drivers\partmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): PcaSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pcasvc.dll,-1 Description: @%SystemRoot%\system32\pcasvc.dll,-2 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): pccsmcfd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PCCS Mode Change Filter Driver Image path: system32\DRIVERS\pccsmcfdx64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): pci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PCI Bus Driver Image path: system32\DRIVERS\pci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): pciide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\pciide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): pcmcia Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\pcmcia.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): pcw Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Performance Counters for Windows Driver Image path: System32\drivers\pcw.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): PEAUTH Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PEAUTH Image path: system32\drivers\peauth.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): PeerDistSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\peerdistsvc.dll,-9000 Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k PeerDist Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: http Service (registry key): PerfDisk Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\sysWow64\perfhost.exe,-2 Description: @%systemroot%\SysWow64\perfhost.exe,-1 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\SysWow64\perfhost.exe Image size: 20992 Image MD5: E495E408C93141E8FC72DC0C6046DDFA Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): PerfNet Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfOS Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): PerfProc Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): pla Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\pla.dll,-500 Description: @%systemroot%\system32\pla.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): PlugPlay Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100 Description: @%SystemRoot%\system32\umpnpmgr.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): PNRPAutoReg Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002 Description: @%SystemRoot%\system32\pnrpauto.dll,-8003 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: pnrpsvc Service (registry key): PNRPsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000 Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: p2pimsvc Service (registry key): PolicyAgent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\polstore.dll,-5010 Description: @%SystemRoot%\system32\polstore.dll,-5011 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,bfe Service (registry key): PortProxy Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Power Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpo.dll,-100 Description: @%SystemRoot%\system32\umpo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): PptpMiniport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32006 Description: @%systemroot%\system32\rascfg.dll,-32006 Image path: system32\DRIVERS\raspptp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Processor Driver Image path: \SystemRoot\system32\DRIVERS\processr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ProfSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\profsvc.dll,-300 Description: @%systemroot%\system32\profsvc.dll,-301 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): ProtectedStorage Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\psbase.dll,-300 Description: @%systemroot%\system32\psbase.dll,-301 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Psched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101 Description: @%SystemRoot%\System32\drivers\pacer.sys,-101 Image path: system32\DRIVERS\pacer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): ql2300 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\ql2300.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ql40xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): QWAVE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qwave.dll,-1 Description: @%SystemRoot%\system32\qwave.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss,psched,QWAVEdrv,LLTDIO Service (registry key): QWAVEdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1 Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2 Image path: \SystemRoot\system32\drivers\qwavedrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAcd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Auto Connection Driver Description: Remote Access Auto Connection Driver Image path: System32\DRIVERS\rasacd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAgileVpn Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WAN Miniport (IKEv2) Description: WAN Miniport (IKEv2) Image path: system32\DRIVERS\AgileVpn.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAuto Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasauto.dll,-200 Description: @%Systemroot%\system32\rasauto.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,TapiSrv,RasAcd Service (registry key): Rasl2tp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32005 Description: @%systemroot%\system32\rascfg.dll,-32005 Image path: system32\DRIVERS\rasl2tp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasmans.dll,-200 Description: @%Systemroot%\system32\rasmans.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv,SstpSvc Service (registry key): RasPppoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32007 Description: @%systemroot%\system32\rascfg.dll,-32007 Image path: system32\DRIVERS\raspppoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasSstp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\sstpsvc.dll,-202 Description: @%systemroot%\system32\sstpsvc.dll,-202 Image path: system32\DRIVERS\rassstp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): rdbss Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1000 Description: @%systemroot%\system32\wkssvc.dll,-1001 Image path: system32\DRIVERS\rdbss.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): rdpbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Desktop Device Redirector Bus Driver Image path: system32\DRIVERS\rdpbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RDPCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100 Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101 Image path: System32\DRIVERS\RDPCDD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPDR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Terminal Server Device Redirector Driver Image path: System32\drivers\rdpdr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: RDBSS Service (registry key): RDPENCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101 Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100 Image path: system32\drivers\rdpencdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPNP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drprov.dll,-100 Description: @%systemroot%\system32\drprov.dll,-101 Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPREFMP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101 Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100 Image path: system32\drivers\rdprefmp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPWD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: RDP Winstation Driver Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): rdyboost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ReadyBoost Description: ReadyBoost Image path: System32\drivers\rdyboost.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): RemoteAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\mprdim.dll,-200 Description: @%Systemroot%\system32\mprdim.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS,Bfe,RasMan,Http Depends On group: NetBIOSGroup Service (registry key): RemoteRegistry Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @regsvc.dll,-1 Description: @regsvc.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k regsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): RpcEptMapper Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%windir%\system32\RpcEpMap.dll,-1001 Description: @%windir%\system32\RpcEpMap.dll,-1002 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k RPCSS Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): RpcLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\Locator.exe,-2 Description: @%systemroot%\system32\Locator.exe,-3 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\locator.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): RpcSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5010 Description: @oleres.dll,-5011 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k rpcss Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcEptMapper,DcomLaunch Service (registry key): rspndr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Link-Layer Topology Discovery Responder Image path: system32\DRIVERS\rspndr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): s3cap Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\vms3cap.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SamSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\samsrv.dll,-1 Description: @%SystemRoot%\system32\samsrv.dll,-2 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): sbp2port Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\sbp2port.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SBSDWSCService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SBSD Security Center Service Object name: LocalSystem Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe Image size: 1153368 Image MD5: 794D4B48DFB6E999537C7C3947863463 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: wscsvc Service (registry key): SCardSvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\SCardSvr.dll,-1 Description: @%SystemRoot%\System32\SCardSvr.dll,-5 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): scfilter Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11 Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12 Image path: System32\DRIVERS\scfilter.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Schedule Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\schedsvc.dll,-100 Description: @%SystemRoot%\system32\schedsvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,EventLog Service (registry key): SCPolicySvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-13 Description: @%SystemRoot%\System32\certprop.dll,-14 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): SDRSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sdrsvc.dll,-107 Description: @%SystemRoot%\system32\sdrsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): SeaPort Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SeaPort Description: Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly. Object name: LocalSystem Image path: "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" Image size: 240512 Image MD5: 271077B91D7AD1B616F8AFDFE8E3F981 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): secdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Driver Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): seclogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\seclogon.dll,-7001 Description: @%SystemRoot%\system32\seclogon.dll,-7000 Object name: LocalSystem Image path: %windir%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): SENS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Sens.dll,-200 Description: @%SystemRoot%\system32\Sens.dll,-201 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): SensrSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000 Description: @%SystemRoot%\System32\sensrsvc.dll,-1001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Serenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serenum Filter Driver Image path: \SystemRoot\system32\DRIVERS\serenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\serial.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): sermouse Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serial Mouse Driver Image path: \SystemRoot\system32\DRIVERS\sermouse.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ServiceLayer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ServiceLayer Object name: LocalSystem Image path: "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" Image size: 430592 Image MD5: 9D38320BB32230349379DF5DDBBF7FCE Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 1 Depends On services: RPCSS Service (registry key): ServiceModelEndpoint 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): ServiceModelOperation 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): ServiceModelService 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): SessionEnv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\SessEnv.dll,-1026 Description: @%SystemRoot%\System32\SessEnv.dll,-1027 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,LanmanWorkstation Service (registry key): sffdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF Storage Class Driver Image path: \SystemRoot\system32\DRIVERS\sffdisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): sffp_mmc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF Storage Protocol Driver for MMC Image path: \SystemRoot\system32\DRIVERS\sffp_mmc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): sffp_sd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF Storage Protocol Driver for SDBus Image path: \SystemRoot\system32\DRIVERS\sffp_sd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): sfloppy Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: High-Capacity Floppy Disk Drive Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SharedAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ipnathlp.dll,-106 Description: @%SystemRoot%\system32\ipnathlp.dll,-107 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Netman,WinMgmt,RasMan,BFE Service (registry key): ShellHWDetection Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\shsvcs.dll,-12288 Description: @%SystemRoot%\System32\shsvcs.dll,-12289 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: RpcSs Service (registry key): SiSRaid2 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SiSRaid4 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Smb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005 Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006 Image path: system32\DRIVERS\smb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): SMSvcHost 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): SNMPTRAP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\snmptrap.exe,-3 Description: @%SystemRoot%\system32\snmptrap.exe,-4 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\snmptrap.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): spldr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Processor Loader Driver Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Spooler Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\spoolsv.exe,-1 Description: @%systemroot%\system32\spoolsv.exe,-2 Object name: LocalSystem Image path: %SystemRoot%\System32\spoolsv.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS,http Service (registry key): sppsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sppsvc.exe,-101 Description: @%SystemRoot%\system32\sppsvc.exe,-100 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\sppsvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RpcSs Service (registry key): sppuinotify Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sppuinotify.dll,-103 Description: @%SystemRoot%\system32\sppuinotify.dll,-102 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): srv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\srvsvc.dll,-102 Description: @%systemroot%\system32\srvsvc.dll,-103 Image path: System32\DRIVERS\srv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: srv2 Service (registry key): srv2 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\srvsvc.dll,-104 Description: @%systemroot%\system32\srvsvc.dll,-105 Image path: System32\DRIVERS\srv2.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: srvnet Service (registry key): srvnet Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\srvnet.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): SSDPSRV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\ssdpsrv.dll,-100 Description: @%systemroot%\system32\ssdpsrv.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): SstpSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sstpsvc.dll,-200 Description: @%SystemRoot%\system32\sstpsvc.dll,-201 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Stereo Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: NVIDIA Stereoscopic 3D Driver Service Description: Provides system support for NVIDIA Stereoscopic 3D driver Object name: LocalSystem Image path: C:\Windows\SysWOW64\nvSCPAPISvr.exe Image size: 239648 Image MD5: 840926625809FAC54263DF1A000F85F6 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): stexstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\stexstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): stisvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wiaservc.dll,-9 Description: @%SystemRoot%\system32\wiaservc.dll,-10 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k imgsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RpcSs,ShellHWDetection Service (registry key): storflt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vmstorfltres.dll,-1000 Image path: system32\DRIVERS\vmstorfl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): storvsc Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\storvsc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): swenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Software Bus Driver Image path: system32\DRIVERS\swenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): swprv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\swprv.dll,-103 Description: @%SystemRoot%\System32\swprv.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k swprv Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): SysMain Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sysmain.dll,-1000 Description: @%SystemRoot%\system32\sysmain.dll,-1001 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: rpcss,fileinfo Service (registry key): TabletInputService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\TabSvc.dll,-100 Description: @%SystemRoot%\system32\TabSvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): TapiSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tapisrv.dll,-10100 Description: @%SystemRoot%\system32\tapisrv.dll,-10101 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): TBS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tbssvc.dll,-100 Description: @%SystemRoot%\system32\tbssvc.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Tcpip Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003 Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003 Image path: System32\drivers\tcpip.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): TCPIP6 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft IPv6 Protocol Driver Description: Microsoft IPv6 Protocol Driver Image path: system32\DRIVERS\tcpip.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): TCPIP6TUNNEL Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): tcpipreg Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TCP/IP Registry Compatibility Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality. Image path: System32\drivers\tcpipreg.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Depends On services: tcpip Service (registry key): TCPIPTUNNEL Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): TDPIPE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TDPIPE Image path: system32\drivers\tdpipe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): TDTCP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TDTCP Image path: system32\drivers\tdtcp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): tdx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004 Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004 Image path: system32\DRIVERS\tdx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): TermDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Terminal Device Driver Image path: system32\DRIVERS\termdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\termsrv.dll,-268 Description: @%SystemRoot%\System32\termsrv.dll,-267 Object name: NT Authority\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,TermDD Service (registry key): TFsExDisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TFsExDisk Description: TFsExDisk Image path: \??\C:\Windows\System32\Drivers\TFsExDisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): Themes Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\themeservice.dll,-8192 Description: @%SystemRoot%\System32\themeservice.dll,-8193 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): THREADORDER Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\mmcss.dll,-102 Description: @%systemroot%\system32\mmcss.dll,-103 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): TPM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TPM Description: TPM Driver Image path: system32\drivers\tpm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): TrkWks Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\trkwks.dll,-1 Description: @%SystemRoot%\system32\trkwks.dll,-2 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TrustedInstaller Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101 Object name: localSystem Image path: %SystemRoot%\servicing\TrustedInstaller.exe Image size: 194048 Image MD5: 840F7FB849F5887A49BA18C13B2DA920 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): TSDDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): tssecsrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101 Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102 Image path: System32\DRIVERS\tssecsrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): tunnel Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Tunnel Miniport Adapter Driver Image path: system32\DRIVERS\tunnel.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): uagp35 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft AGPv3.5 Filter Image path: \SystemRoot\system32\DRIVERS\uagp35.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): udfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: udfs Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces) Image path: system32\DRIVERS\udfs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Service (registry key): UGatherer Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): UGTHRSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): UI0Detect Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ui0detect.exe,-101 Description: @%SystemRoot%\system32\ui0detect.exe,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\UI0Detect.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 1 Service (registry key): uliagpkx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Uli AGP Bus Filter Image path: \SystemRoot\system32\DRIVERS\uliagpkx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): umbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: UMBus Enumerator Driver Image path: system32\DRIVERS\umbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): UmPass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft UMPass Driver Image path: \SystemRoot\system32\DRIVERS\umpass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): UmRdpService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umrdp.dll,-1000 Description: @%SystemRoot%\system32\umrdp.dll,-1001 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: TermService,RDPDR Service (registry key): upnphost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\upnphost.dll,-213 Description: @%systemroot%\system32\upnphost.dll,-214 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV,HTTP Service (registry key): usbccgp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB Generic Parent Driver Image path: system32\DRIVERS\usbccgp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbcir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: eHome Infrared Receiver (USBCIR) Image path: \SystemRoot\system32\DRIVERS\usbcir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbehci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver Image path: system32\DRIVERS\usbehci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB Standard Hub Driver Image path: system32\DRIVERS\usbhub.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbohci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB Open Host Controller Miniport Driver Image path: system32\DRIVERS\usbohci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbprint Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB PRINTER Class Image path: system32\DRIVERS\usbprint.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbscan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB Scanner Driver Image path: system32\DRIVERS\usbscan.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB Mass Storage Driver Image path: system32\DRIVERS\USBSTOR.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbuhci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB Universal Host Controller Miniport Driver Image path: \SystemRoot\system32\DRIVERS\usbuhci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): UxSms Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dwm.exe,-2000 Description: @%SystemRoot%\system32\dwm.exe,-2001 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): V0330VID Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WebCam Vista/Live! Cam Chat VF0330 Image path: system32\DRIVERS\V0330Vid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): VaultSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003 Description: @%SystemRoot%\system32\vaultsvc.dll,-1004 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): vdrvroot Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Virtual Drive Enumerator Driver Image path: system32\DRIVERS\vdrvroot.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): vds Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vds.exe,-100 Description: @%SystemRoot%\system32\vds.exe,-112 Object name: LocalSystem Image path: %SystemRoot%\System32\vds.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,PlugPlay Service (registry key): vga Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\vgapnp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): VgaSave Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\System32\drivers\vga.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): vhdmp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\vhdmp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): viaide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\viaide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): vmbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vmbusres.dll,-1000 Image path: \SystemRoot\system32\DRIVERS\vmbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): VMBusHID Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\VMBusHID.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): volmgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Volume Manager Driver Image path: system32\DRIVERS\volmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): volmgrx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100 Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101 Image path: System32\drivers\volmgrx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): volsnap Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Storage volumes Image path: system32\DRIVERS\volsnap.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): vsmraid Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): VSS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\vssvc.exe,-102 Description: @%systemroot%\system32\vssvc.exe,-101 Object name: LocalSystem Image path: %systemroot%\system32\vssvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): vwifibus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Virtual WiFi Bus Driver Description: Virtual WiFi Bus Driver Image path: system32\DRIVERS\vwifibus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): vwififlt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Virtual WiFi Filter Driver Description: Virtual WiFi Filter Driver Image path: system32\DRIVERS\vwififlt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): vwifimp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Virtual WiFi Miniport Service Image path: system32\DRIVERS\vwifimp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): W32Time Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\w32time.dll,-200 Description: @%SystemRoot%\system32\w32time.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): W3SVC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WacomPen Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Wacom Serial Pen HID Driver Image path: \SystemRoot\system32\DRIVERS\wacompen.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WANARP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32011 Description: @%systemroot%\system32\rascfg.dll,-32011 Image path: system32\DRIVERS\wanarp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Wanarpv6 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32012 Description: @%systemroot%\system32\rascfg.dll,-32012 Image path: system32\DRIVERS\wanarp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): wbengine Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wbengine.exe,-104 Description: @%systemroot%\system32\wbengine.exe,-105 Object name: localSystem Image path: "%systemroot%\system32\wbengine.exe" Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): WbioSrvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wbiosrvc.dll,-100 Description: @%systemroot%\system32\wbiosrvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,VaultSvc,WUDFSvc Service (registry key): wcncsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wcncsvc.dll,-3 Description: @%SystemRoot%\system32\wcncsvc.dll,-4 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): WcsPlugInService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200 Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k wcssvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Wd Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\wd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Wdf01000 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Kernel Mode Driver Frameworks service Image path: system32\drivers\Wdf01000.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): WdiServiceHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wdi.dll,-502 Description: @%systemroot%\system32\wdi.dll,-503 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): WdiSystemHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wdi.dll,-500 Description: @%systemroot%\system32\wdi.dll,-501 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): WebClient Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\webclnt.dll,-100 Description: @%systemroot%\system32\webclnt.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: MRxDAV Service (registry key): Wecsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wecsvc.dll,-200 Description: @%SystemRoot%\system32\wecsvc.dll,-201 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP,Eventlog Service (registry key): wercplsupport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wercplsupport.dll,-101 Description: @%SystemRoot%\System32\wercplsupport.dll,-100 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): WerSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wersvc.dll,-100 Description: @%SystemRoot%\System32\wersvc.dll,-101 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 0 Service (registry key): WfpLwf Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WFP Lightweight Filter Description: WFP Lightweight Filter Image path: system32\DRIVERS\wfplwf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): WIMMount Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WIMMount Description: WIM Image mount service driver Image path: system32\drivers\wimmount.sys Image size: 19008 Image MD5: 5CF95B35E59E2A38023836FFF31BE64C Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): WinDefend Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k secsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): Windows Workflow Foundation 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WinHttpAutoProxySvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\winhttp.dll,-100 Description: @%SystemRoot%\system32\winhttp.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Dhcp Service (registry key): Winmgmt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205 Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204 Object name: localSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: RPCSS Service (registry key): WinRM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\wsmsvc.dll,-101 Description: @%Systemroot%\system32\wsmsvc.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,HTTP Service (registry key): Winsock Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WinUsb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WinUsb Image path: system32\DRIVERS\WinUsb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Wlansvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wlansvc.dll,-257 Description: @%SystemRoot%\System32\wlansvc.dll,-258 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost Service (registry key): WmiAcpi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Windows Management Interface for ACPI Image path: system32\DRIVERS\wmiacpi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WmiApRpl Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): wmiApSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111 Object name: localSystem Image path: %systemroot%\system32\wbem\WmiApSrv.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): WMPNetworkSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102 Object name: NT AUTHORITY\NetworkService Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: http Service (registry key): WPCSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wpcsvc.dll,-100 Description: @%SystemRoot%\system32\wpcsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): WPDBusEnum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100 Description: @%SystemRoot%\system32\wpdbusenum.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): ws2ifsl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000 Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000 Image path: \SystemRoot\system32\drivers\ws2ifsl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): wscsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wscsvc.dll,-200 Description: @%SystemRoot%\System32\wscsvc.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,winmgmt Service (registry key): WSearch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\SearchIndexer.exe,-103 Description: @%systemroot%\system32\SearchIndexer.exe,-104 Object name: LocalSystem Image path: %systemroot%\system32\SearchIndexer.exe /Embedding Image size: 428032 Image MD5: 622D95520182F6D3D05310D5810CA8B3 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WSearchIdxPi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): wuauserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wuaueng.dll,-105 Description: @%systemroot%\system32\wuaueng.dll,-106 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): WudfPf Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: User Mode Driver Frameworks Platform Driver Image path: system32\drivers\WudfPf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WUDFRd Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\WUDFRd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): wudfsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000 Description: @%SystemRoot%\system32\wudfsvc.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay,WudfPf Service (registry key): WwanSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wwansvc.dll,-257 Description: @%SystemRoot%\System32\wwansvc.dll,-258 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc Service (registry key): xmlprov Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {24B51601-966F-4D50-9048-E95C75B88852} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {CD10A94E-982D-4B96-A745-49F52958EF88} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {CF8D0822-3D99-4C0D-81A2-B9D0994D9C9C} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0

ComboFix 10-12-21.01 - Danny 21/12/2010 23:18:27.4.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.1791.961 [GMT 1:00] Gestart vanuit: c:\users\Danny\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Danny\Desktop\CFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files (x86)\ConduitEngine c:\program files (x86)\ConduitEngine\appContextMenu.xml c:\program files (x86)\ConduitEngine\ConduitEngine.dll c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe c:\program files (x86)\ConduitEngine\engineContextMenu.xml c:\program files (x86)\ConduitEngine\EngineSettings.json c:\program files (x86)\ConduitEngine\INSTALL.LOG c:\program files (x86)\ConduitEngine\toolbar.cfg c:\users\Danny\AppData\Local\Conduit c:\users\Danny\AppData\Local\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=fr-be&browserType=IE&toolbarVersion=5_3_5_4.xml Besmet exemplaar van c:\windows\SysWow64\userinit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ERDNT\cache64\userinit.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))) . 2010-12-21 22:29 . 2010-12-21 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-21 12:10 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys 2010-12-18 19:59 . 2010-12-18 20:00 -------- d-----w- c:\users\Danny\AppData\Local\ConduitEngine 2010-12-18 19:59 . 2010-12-18 20:00 -------- d-----w- c:\users\Danny\AppData\Local\Messenger_Plus_Live_Belgium 2010-12-04 19:48 . 2010-12-04 19:48 -------- d-----w- c:\windows\Sun . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 16:42 . 2010-02-20 19:21 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-29 16:42 . 2010-02-20 19:21 24152 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((( SnapShot@2010-12-20_22.41.00 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2010-12-20 22:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2010-12-21 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2010-12-20 22:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2010-12-20 22:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:54 . 2010-12-21 16:15 44724 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2010-12-20 22:15 30234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2010-12-21 21:51 30234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-02-14 22:42 . 2010-12-20 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:42 . 2010-12-21 10:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:42 . 2010-12-20 22:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-02-14 22:42 . 2010-12-21 10:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2010-12-20 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 10:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 21:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:53 . 2010-12-21 21:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 21:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:53 . 2010-12-21 21:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 21:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:54 . 2010-12-21 21:51 9824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1434075484-1833317394-3949034151-1001_UserData.bin - 2010-12-20 22:40 . 2010-12-20 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-21 22:30 . 2010-12-21 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-21 22:30 . 2010-12-21 22:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-12-20 22:40 . 2010-12-20 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-02-14 23:05 . 2010-12-20 22:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-02-14 23:05 . 2010-12-21 22:31 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-02-15 18:32 . 2010-12-21 18:56 297808 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2010-02-15 11:29 . 2010-12-20 22:18 689288 c:\windows\system32\perfh013.dat + 2010-02-15 11:29 . 2010-12-21 21:54 689288 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2010-12-20 22:18 606992 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2010-12-21 21:54 606992 c:\windows\system32\perfh009.dat + 2010-02-15 11:29 . 2010-12-21 21:54 129536 c:\windows\system32\perfc013.dat - 2010-02-15 11:29 . 2010-12-20 22:18 129536 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2010-12-21 21:54 103370 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2010-12-20 22:18 103370 c:\windows\system32\perfc009.dat - 2009-07-14 02:34 . 2010-12-19 15:34 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2010-12-21 19:06 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SetPoint"="c:\program files (x86)\Logitech\SetPoint\KEM.EXE" [2004-07-15 581632] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "YouTubeDownloader_upgrade"="c:\program files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" [2010-05-20 394240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 136176] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 193408] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-07-08 239648] S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys [2009-06-26 32768] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . Inhoud van de 'Gedeelde Taken' map 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\bmgfrksz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.gva.be/fun/wedstrijden/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - %profile%\extensions\{d1a1c8f1-e3d9-48df-802f-20201061ef61} FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D1A1C8F1-E3D9-48DF-802F-20201061EF61} - (no file) WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.9" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Voltooingstijd: 2010-12-21 23:37:17 - machine werd herstart ComboFix-quarantined-files.txt 2010-12-21 22:37 ComboFix2.txt 2010-12-21 12:20 ComboFix3.txt 2010-12-21 10:20 ComboFix4.txt 2010-12-20 22:46 Pre-Run: 46.304.866.304 bytes beschikbaar Post-Run: 45.996.904.448 bytes beschikbaar - - End Of File - - 4FC60F0B0A668297E7EE4C9767A565AA

ComboFix 10-12-20.02 - Danny 21/12/2010 13:01:04.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.1791.1050 [GMT 1:00] Gestart vanuit: c:\users\Danny\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . Besmet exemplaar van c:\windows\SysWow64\Drivers\atapi.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ERDNT\cache64\atapi.sys . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))) . 2010-12-21 12:12 . 2010-12-21 12:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-21 12:10 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys 2010-12-18 19:59 . 2010-12-18 19:59 -------- d-----w- c:\users\Danny\AppData\Local\Conduit 2010-12-18 19:59 . 2010-12-18 20:00 -------- d-----w- c:\users\Danny\AppData\Local\Messenger_Plus_Live_Belgium 2010-12-11 17:22 . 2010-12-11 17:22 -------- d-----w- c:\program files (x86)\ConduitEngine 2010-12-04 19:48 . 2010-12-04 19:48 -------- d-----w- c:\windows\Sun . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 16:42 . 2010-02-20 19:21 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-29 16:42 . 2010-02-20 19:21 24152 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((( SnapShot@2010-12-20_22.41.00 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2010-12-20 22:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2010-12-21 12:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2010-12-20 22:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 12:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 12:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2010-12-20 22:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:54 . 2010-12-21 11:41 44296 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2010-12-20 22:15 30234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2010-12-21 11:41 30234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-02-14 22:42 . 2010-12-20 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:42 . 2010-12-21 10:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:42 . 2010-12-20 22:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-02-14 22:42 . 2010-12-21 10:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2010-12-20 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2010-12-21 10:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 11:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:53 . 2010-12-21 11:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 11:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-02-14 22:53 . 2010-12-21 11:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-02-14 22:53 . 2010-12-20 22:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:53 . 2010-12-21 11:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-02-14 22:54 . 2010-12-21 11:41 9824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1434075484-1833317394-3949034151-1001_UserData.bin - 2010-12-20 22:40 . 2010-12-20 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-21 12:13 . 2010-12-21 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2010-12-21 12:13 . 2010-12-21 12:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-12-20 22:40 . 2010-12-20 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-02-14 23:05 . 2010-12-20 22:40 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-02-14 23:05 . 2010-12-21 12:13 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-02-15 18:32 . 2010-12-21 11:09 297534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2010-02-15 11:29 . 2010-12-20 22:18 689288 c:\windows\system32\perfh013.dat + 2010-02-15 11:29 . 2010-12-21 11:44 689288 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2010-12-20 22:18 606992 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2010-12-21 11:44 606992 c:\windows\system32\perfh009.dat + 2010-02-15 11:29 . 2010-12-21 11:44 129536 c:\windows\system32\perfc013.dat - 2010-02-15 11:29 . 2010-12-20 22:18 129536 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2010-12-21 11:44 103370 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2010-12-20 22:18 103370 c:\windows\system32\perfc009.dat - 2009-07-14 02:34 . 2010-12-19 15:34 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2010-12-21 11:19 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SetPoint"="c:\program files (x86)\Logitech\SetPoint\KEM.EXE" [2004-07-15 581632] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "YouTubeDownloader_upgrade"="c:\program files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" [2010-05-20 394240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 136176] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 193408] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-07-08 239648] S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys [2009-06-26 32768] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . Inhoud van de 'Gedeelde Taken' map 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\bmgfrksz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.gva.be/fun/wedstrijden/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - %profile%\extensions\{d1a1c8f1-e3d9-48df-802f-20201061ef61} FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D1A1C8F1-E3D9-48DF-802F-20201061EF61} - (no file) WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.9" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Voltooingstijd: 2010-12-21 13:20:32 - machine werd herstart ComboFix-quarantined-files.txt 2010-12-21 12:20 ComboFix2.txt 2010-12-21 10:20 ComboFix3.txt 2010-12-20 22:46 Pre-Run: 47.680.098.304 bytes beschikbaar Post-Run: 47.465.799.680 bytes beschikbaar - - End Of File - - 79E94E108C144304E128C668388ABCDF Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:23:26, on 21/12/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6816 bytes

Hoe start ik op in "veilige modus", mss ligt daar het probleem met HijackThis. In HijackThis, krijg ik ni de keuze opstarten als administrator

Hopelijk heb ik het goed gedaan!!!!??? ComboFix 10-12-20.01 - Danny 20/12/2010 23:27:41.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.1791.1079 [GMT 1:00] Gestart vanuit: c:\users\Danny\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe C:\messenger.exe c:\users\Public\mdsys.s c:\users\Public\mdusys.s Besmet exemplaar van c:\windows\SysWow64\userinit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))) . 2010-12-20 22:39 . 2010-12-20 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-20 22:14 . 2010-12-20 22:21 -------- d-----w- C:\32788R22FWJFW.0.tmp 2010-12-18 19:59 . 2010-12-18 19:59 -------- d-----w- c:\users\Danny\AppData\Local\Conduit 2010-12-18 19:59 . 2010-12-18 20:00 -------- d-----w- c:\users\Danny\AppData\Local\Messenger_Plus_Live_Belgium 2010-12-15 18:32 . 2010-12-15 18:32 388096 ----a-r- c:\users\Danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-11 17:22 . 2010-12-11 17:22 -------- d-----w- c:\program files (x86)\ConduitEngine 2010-12-04 19:48 . 2010-12-04 19:48 -------- d-----w- c:\windows\Sun . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-29 16:42 . 2010-02-20 19:21 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-29 16:42 . 2010-02-20 19:21 24152 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SetPoint"="c:\program files (x86)\Logitech\SetPoint\KEM.EXE" [2004-07-15 581632] "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768] "YouTubeDownloader_upgrade"="c:\program files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" [2010-05-20 394240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 136176] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 193408] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-07-08 239648] S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x64.sys [2009-06-26 32768] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-26 83488] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . Inhoud van de 'Gedeelde Taken' map 2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] 2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 08:01] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\bmgfrksz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.gva.be/fun/wedstrijden/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535304&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Messenger Plus Live Belgium Toolbar: {d1a1c8f1-e3d9-48df-802f-20201061ef61} - %profile%\extensions\{d1a1c8f1-e3d9-48df-802f-20201061ef61} FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591} . - - - - ORPHANS VERWIJDERD - - - - WebBrowser-{D1A1C8F1-E3D9-48DF-802F-20201061EF61} - (no file) WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-BSPlayerp - c:\program files (x86)\Webteh\BSplayerPro\uninstall.exe . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.9" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Logitech\SetPoint\KHALMNPR.EXE . ************************************************************************** . Voltooingstijd: 2010-12-20 23:46:40 - machine werd herstart ComboFix-quarantined-files.txt 2010-12-20 22:46 Pre-Run: 46.544.506.880 bytes beschikbaar Post-Run: 47.990.820.864 bytes beschikbaar - - End Of File - - 75A320D6C7205F04371D18955F83A961 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:51:00, on 20/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAxADMAMQA2ADcAMwA2ADUALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7910 bytes

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:36:11, on 20/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search Plus! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAxADMAMQA2ADcAMwA2ADUALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8323 bytes ---------- Post toegevoegd om 09:40 ---------- Vorige post was om 09:38 ---------- Beste, die Search Plus en Bing bv. heb ik niet nodig, kan ik die verwijderen???

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:29:13, on 19/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\BitTorrent\bittorrent.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search Plus! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAxADMAMQA2ADcAMwA2ADUALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8487 bytes Malwarebytes' Anti-Malware 1.50 Malwarebytes Databaseversie: 5350 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 19/12/2010 13:25:03 mbam-log-2010-12-19 (13-25-03).txt Scantype: Snelle scan Objecten gescand: 154695 Verstreken tijd: 4 minuut/minuten, 5 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)

sorry, hoe doe ik dit als administrator en in veilige modus?

Malwarebytes' Anti-Malware 1.50 Malwarebytes Databaseversie: 5350 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18/12/2010 20:48:14 mbam-log-2010-12-18 (20-48-14).txt Scantype: Snelle scan Objecten gescand: 156852 Verstreken tijd: 4 minuut/minuten, 33 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 1 Registersleutels geïnfecteerd: 22 Registerwaarden geïnfecteerd: 5 Registerdata geïnfecteerd: 1 Mappen geïnfecteerd: 9 Bestanden geïnfecteerd: 20 Geheugenprocessen geïnfecteerd: c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteSA.exe (Adware.Hotbar) -> 3812 -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: c:\program files (x86)\HBLite\bin\11.0.264.0\hblitesahook.dll (Adware.Hotbar) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{83C02F52-352E-4D97-BCED-E6B61C924811} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5C399D68-4C65-41C0-95DD-34C0E711E49F} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\QWS.QWBand.1 (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\QWS.QWBand (Adware.QWO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com (Adware.QWO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBLiteSA (Adware.Hotbar) -> Value: HBLiteSA -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Value: {8270927A-FB8B-4647-8E21-C9459BB2610D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8270927A-FB8B-4647-8E21-C9459BB2610D} (Adware.QWO) -> Value: {8270927A-FB8B-4647-8E21-C9459BB2610D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\Qword Search Engine (Adware.QWO) -> Value: Qword Search Engine -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully. Registerdata geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Homepage) -> Bad: (Qword Search Engine) Good: (Google) -> Quarantined and deleted successfully. Mappen geïnfecteerd: c:\Users\Danny\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite (Adware.Hotbar) -> Delete on reboot. c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> Delete on reboot. c:\program files (x86)\HBLite\bin\11.0.264.0 (Adware.Hotbar) -> Delete on reboot. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\program files (x86)\HBLite\bin\11.0.264.0\HBLiteSA.exe (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\hblitesahook.dll (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\a2763afd8fd54bf6a0d6c19dfd7f492a\QWS.dll (Adware.QWO) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\mozilla firefox\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully. c:\Users\Danny\downloads\fretssetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. c:\Users\Danny\favorites\qword search engine.url (Adware.QWO) -> Quarantined and deleted successfully. c:\Users\Public\winbrd.jpg (Malware.Trace) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\hbliteuninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully. c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:55:52, on 18/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search Plus! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Messenger Plus Live Belgium Toolbar - {d1a1c8f1-e3d9-48df-802f-20201061ef61} - C:\Program Files (x86)\Messenger_Plus_Live_Belgium\tbMess.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll O3 - Toolbar: Messenger Plus Live Belgium Toolbar - {d1a1c8f1-e3d9-48df-802f-20201061ef61} - C:\Program Files (x86)\Messenger_Plus_Live_Belgium\tbMess.dll O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAxADMAMQA2ADcAMwA2ADUALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9550 bytes

AUB! file of Trend Micro HijackThis v2.0.4 Scan saved at 17:22:41, on 18/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Logitech\SetPoint\KEM.exe C:\Windows\V0330Mon.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Logitech\SetPoint\KHALMNPR.EXE C:\Program Files (x86)\HBLite\bin\11.0.264.0\HBLiteSA.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Qword Search Engine R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search Plus! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll R3 - URLSearchHook: Messenger Plus Live Belgium Toolbar - {d1a1c8f1-e3d9-48df-802f-20201061ef61} - C:\Program Files (x86)\Messenger_Plus_Live_Belgium\tbMess.dll R3 - URLSearchHook: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: QWBandToolBar - {8270927A-FB8B-4647-8E21-C9459BB2610D} - C:\Program Files (x86)\A2763AFD8FD54BF6A0D6C19DFD7F492A\QWS.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Messenger Plus Live Belgium Toolbar - {d1a1c8f1-e3d9-48df-802f-20201061ef61} - C:\Program Files (x86)\Messenger_Plus_Live_Belgium\tbMess.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll O3 - Toolbar: Messenger Plus Live Belgium Toolbar - {d1a1c8f1-e3d9-48df-802f-20201061ef61} - C:\Program Files (x86)\Messenger_Plus_Live_Belgium\tbMess.dll O3 - Toolbar: QWBandToolBar - {8270927A-FB8B-4647-8E21-C9459BB2610D} - C:\Program Files (x86)\A2763AFD8FD54BF6A0D6C19DFD7F492A\QWS.dll O3 - Toolbar: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\IDTB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: BittorrentBar_NL Toolbar - {2d8d9acc-f6d7-4362-8876-a275ca929591} - C:\Program Files (x86)\BittorrentBar_NL\tbBitt.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [setPoint] C:\Program Files (x86)\Logitech\SetPoint\KEM.EXE O4 - HKLM\..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [YouTubeDownloader_upgrade] "C:\Program Files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" /upgrade O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HBLiteSA] "C:\Program Files (x86)\HBLite\bin\11.0.264.0\HBLiteSA.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O15 - Trusted Zone: *.qword.com O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11194 bytes

hoi, spybot - search & destroy krijgt "zango" niet verwijderd!! help! Jonati

Hoi, regelmatig krijg ik in hotmail volgende mails van contacten die zeker die mails niet sturen; This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. .....@hotmail.com --Doorgestuurd bericht in de bijlage-- From: ..... To: ...@hotmail.com Subject: Bekijk nu de beoordeling van Danny De l'arbre op jouw kiek Date: Thu, 2 Dec 2010 05:12:22 +0000 Beste Je afbeelding werd nu on-line bekeken door Danny De l'arbre en met een 5 beoordeeld! Wil jij weten om welke afbeelding het gaat? Bezoek dan nu naar de pagina: http://www.msnpicturenet.com/?vriend=...@hotmail.com Ltr Danny De l'arbre Hoe los ik dit euvel op?????

Haha, gelukt; ik had het programma niet goed gebrand op het schijfje! BEDANKT!!! De C:-schijf groter maken en de F: kleiner raad mijn niet aan! Wat is juli mening (ze zijn allebei evengroot).

Ik kan niet opstarten vanaf deze cd! Ik krijg bij opstart nu; "Reboot and select boot device or insert boot media in selected boot device and press a key" Vorige keer kreeg ik de vermelding; "bootmgr is missing; druk ctrl alt del" (dit ging ook niet); zou dit aan mijn keyboard liggen; ik heb er 2 met een stationneke (mss beter met rechtstreekse usb aansluiting, of staat dit er los van????)

neen, gaat ook niet